Number: 
Creation Date:  2025-02-12
Category:  IMT Security
Effective Date:  2025-02-12
Last Reviewed:  2025-02-12
Version:  1.0
Scheduled Review Date: 2026-02-28
Security Classification:  Protected A
Status:  Approved

Description:
​​​
Please note that information classified as Protected (per the Data and Information Security Classification standard) is only accessible to Government of Alberta Employees. External users are therefore not able to download this document. To request access, please contact us: imt.policy@gov.ab.ca.

​This standard establishes a comprehensive and integrated approach to conducting solution threat modeling within the Government of Alberta (GoA).

Solution threat modeling enables Information Controllers, Information Custodians and solution delivery and acquisition teams to:

  • proactively identity threats and risks to GoA systems and data on an ongoing basis;
  • proactively revise solution requirements, architectures, and designs for the identified threats and risks; and
  • improve their ability to manage their remaining solution risks and their associated costs by integrating their threat model into GoA’s Security Threat and Risk Assessment (STRA) process.

Keywords: information controller, information custodian, risk assessment, risk mitigation, SDLC, solution delivery lifecycle, threat modeling